﻿using Microsoft.Extensions.DependencyInjection;

namespace BlogDemo.Api.Extensions
{
    public static class AuthorizationConfig
    {
        public static IServiceCollection AddAuthorization11111(this IServiceCollection services)
        {
            ////Policy、Role、Scheme
            //services.AddAuthorization(options =>
            //{
            //    //1、Definition authorization policy
            //    options.AddPolicy("Permission",
            //       policy => policy.Requirements.Add(new PermissionRequirement()));
            //}).AddAuthentication(s =>
            //{
            //    //2、Authentication
            //    s.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            //    s.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            //    s.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            //}).AddJwtBearer(options =>
            //{
            //    //3、Use Jwt bearer 
            //options.TokenValidationParameters = new TokenValidationParameters()
            //{
            //    ValidateIssuer = true,
            //    ValidIssuer = token.Issuer,
            //    ValidateAudience = true,
            //    ValidAudience =token.Audience,
            //    ValidateIssuerSigningKey = true,
            //    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(token.SigningKey))
            //};

            //    options.Events = new JwtBearerEvents
            //    {
            //        OnAuthenticationFailed = context =>
            //        {
            //            //Token expired
            //            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
            //            {
            //                context.Response.Headers.Add("Token-Expired", "true");
            //            }
            //            return Task.CompletedTask;
            //        }
            //    };
            //});
            return services;
        }
    }
}
